Shellshock: how worried should you be about this recently discovered threat?

20. October 2014 Internet Security 0

There is a lot of discussion lately regarding the “bug” called Shellshock. This bug exists within specific computer architectures and leaves these devices vulnerable to potential attack. The interesting thing is that the architecture this bug resides in is Unix/Linux based – which means it includes Apple computers and portable devices.

Yes, that’s correct – Apple devices. Historically, Microsoft computers have borne the brunt of vulnerability to attack. Why so few attacks on Apple products? Well, in truth the vulnerabilities have been there but up until now they haven’t been as dangerous as those in Microsoft machines. Much of this is simply because they had a small market share compared to Microsoft, and hackers like to get the biggest bang for their buck. That and Apple hasn’t been using Unix based operating systems (OS) for very long.

So what is this bug all about? Well, as I have noted, the bug is built into Unix and Linux servers (and PC’s and handhelds that use these OS’s). It exists in a process known as Bash. Many web servers use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

Remember the Heartbleed bug? That virus ran unnoticed for two years and was used by the NSA to track user’s interests before the vulnerability came to light. The scary thing is Heartbleed was less of a problem than Shellshock could be. The Shellshock bug has been in the Bash code for the past 22 years before it was (recently) discovered. In the case of Heartbleed, someone taking advantage of it could collect your data. In the case of Shellshock, they can take over your computer.

So what can you do? First, don’t panic. As I’ve said for years now, jsut follow these basic tips and you should be fine.
1. Keep your computer operating system and software up to date
2. Make sure you have a good antivirus program and keep that up to date
3. Don’t open any email you don’t recognize
4. Don’t insert media into a computer or network unless you know for sure it is safe
5. If your computer starts to do funny things contact your IT professional to have it looked at

And there you have it, the Shellshock virus in a nutshell. There is a lot more reading on this subject online if you are interested. Simply Google Shellshock virus and you’ll find plenty to read. They say that knowledge is power. You should have enough here to be informed and keep yourself and your data safe while online. Until next time, be smart, be safe.

Got a question or an idea for a topic you would like to see covered in one of my upcoming posts? Write to support@skywaywest.com and sound off. I’ll do what I can to address your questions or concerns either personally in a reply email or on the blog. Until next month, take care.

–Wes